FYI (also, if you're not on at least one of these lists, you probably should be).
---------- Forwarded message ---------- From: Gregory Szorc <gsz...@mozilla.com> Date: Thu, Mar 31, 2016 at 5:39 PM Subject: Upcoming SSH Host Key Rotation for hg.mozilla.org To: dev-version-cont...@lists.mozilla.org, dev-platform < dev-platf...@lists.mozilla.org>, Firefox Dev <firefox-...@mozilla.org>, release-engineer...@lists.mozilla.org This message serves as a notice that the *SSH host keys* for hg.mozilla.org will be rotated in the next ~24 hours. When connecting to hg.mozilla.org over SSH, your SSH client should warn that host keys have changed and refuse to connect until accepting/trusting the new host key. After 1st host key verification failure: 1) `ssh-keygen -R hg.mozilla.org` to remove the old host key 2) `ssh hg.mozilla.org` and verify the fingerprint of the new key matches one of the following: 256 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA hg.mozilla.org (ED25519) 256 SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac hg.mozilla.org (ED25519) 256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95:ea:04:28:7d:26 hg.mozilla.org (ED25519) 4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org (RSA) 4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org (RSA) 4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org (RSA) Q: What host key types were changed? We dropped the DSA host key and added a ED25519 host key. The length of the RSA key has been increased from 2048 to 4096 bits. Q: Does this impact connections to https://hg.mozilla.org/? No. The x509 certificate to the https:// endpoint is remaining unchanged at this time. Q: Why is this being done? We are modernizing the server infrastructure of hg.mozilla.org. As part of this, we're bringing the hosts in compliance with Mozilla's SSH security guidelines (https://wiki.mozilla.org/Security/Guidelines/OpenSSH). _______________________________________________ firefox-dev mailing list firefox-...@mozilla.org https://mail.mozilla.org/listinfo/firefox-dev
signature.asc
Description: PGP signature
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
